Date post: 23-Nov-2018

iDGARD User Manual Section III, Version 1

iDGARD User Manual

Section I: iDGARD at a Glance, Application Fields, Positioning, iDGARD vs. Others, Security Basics
Section II: Service Features; Application via Browser
Section III: Administrator Manual; Setting up Single Sign-on
Section IV: Application of Windows Productivity Tool; Application of Office Add-In (Outlook, Word, etc.)
Section V: Application via iOS App; Application via Blackberry / Android App; Application via WebDAV
Section VI: Further Tips & Tricks for Data Rooms
Section VII: API Definition

Table of Contents: Section III

1 Registration of a New iDGARD Account
    1.1 Non-binding Trial Package
    1.2 Confirmation E-mail & Activation Link
    1.3 Direct Acquisition
2 Administrator Overview
    2.1 List of Users
    2.2 Settings
    2.3 Account Status
    2.4 Orders
    2.5 Master Data
3 Licenses, Roles, and Rights Overview
4 Account Settings Carried out by Uniscon
    4.1 Orders
    4.2 Master Data
    4.3 Data Backup (Sealed Backup)
5 Integration of LDAP / Active Directory
    5.1 Installation of EMS
    5.2 Configuration of EMS
    5.3 Creation of „Enterprise Secrets“
    5.4 Classification of iDGARD Users in LDAP Groups
    5.5 Cost Minimization with Floating Licenses
Guidance for Enterprises

1 Registration of a New iDGARD Account

iDGARD provides organisations, businesses and freelancers with confidential and compliant internal and external online communication. For security purposes (since you are the only party able to access your data), please sign up by entering a user name and password as well as your organization's master data. You may pay for the service by invoice or direct debit. For enterprise package deals, kindly contact our iDGARD Business Support hotline: (+49-89) 4161598-7.

1.1 Non-binding Trial Package

At www.idgard.de, you can sign up for a non-binding 14-day free trial. In selected cases, a Bonus Code entitles you to a longer trial period. For a trial customized to your needs, please contact our iDGARD Business Support hotline: (+49-89) 4161598-7.

Registration consists of three steps:

1. Master data entry
2. Creation of user name and password
3. Declaration of consent to
   a. the model Commissioned Data Processing Agreement pursuant to § 11 BDSG (ADV), i.e. the Federal Data Protection Act regarding commissioned collection, processing or use of personal data,
   b. the Terms & Conditions and
   c. the Data Privacy Statement.

Important Note on User Names & Passwords:

Uniscon, the service provider of iDGARD, cannot access the aforementioned data in any way whatsoever. Therefore, kindly memorize your user name and password or deposit them with a trustee or other maximum-security party, since Uniscon has no way of restoring or resetting said data if you lose it.

Recommendation:

We suggest creating this account solely for service administration purposes and, if you wish to use iDGARD yourself, creating a separate employee account for yourself. This allows administrator rights to be handed over easily and conveniently to a successor, if and when necessary. We therefore recommend selecting a user name that is not associated with you but rather with your organization.

Your free trial ends automatically upon expiration. However, you may switch to paid use through your iDGARD account at any time.

Please make sure your e-mail address is spelled correctly. Once registration is completed, you will receive an activation link with which to activate your iDGARD account. Login is not possible until you have followed this link.

The user that performs this initial registration is the so-called Registration Administrator.

1.2 Confirmation E-mail & Activation Link

The instant you order the service, i.e. once you have entered the master data, selected a user name and password, and declared your consent, you will receive a confirmation e-mail with an activation link. When you open the link, the service is instantly activated for you and you are automatically routed to the login form.

Whether you wish to conclude a model Commissioned Data Processing Agreement with Uniscon pursuant to § 11 BDSG (ADV), i.e. the Federal Data Protection Act on commissioned collection, processing or use of personal data, depends on whether you follow the legal interpretation of absolute or, rather, relative personal reference. If you follow the less restrictive interpretation of relative personal reference, then you won't need a Commissioned Data Processing Agreement to use iDGARD. After all, Sealed Cloud technology technically excludes any personal reference data from being accessible by Uniscon in the first place.

If you wish to (or must) conclude such a contract in order to use iDGARD, then kindly note that the Agreement shall, by mutual consent, be considered null and void unless made in writing, and shall become effective only once your organization and Uniscon have exchanged signed copies of said Agreement.

1.3 Direct Acquisition

Should you wish to skip the trial phase and, instead, prefer to access all iDGARD features immediately or add further licenses, you may simply switch to the administrator overview once you have logged in and access the "Order" tab. Here, you can switch to payment mode directly.

You are, of course, also welcome to authorize our back office to switch the access to payment mode for you.

For the latter, and for twelve-month package deals or offers for large-scale organizations or enterprises, please contact our iDGARD Business Support hotline: (+49-89) 4161598-7.

2 Administrator Overview

Users granted administration rights see the icon on their overview.

Clicking this symbol allows them to access the administrator overview.

Here, one can find a list of users, the defined settings, account status information, a page to modify orders, and a page listing the master data.

2.1 List of Users

The user list reflects all Full and Guest Licenses in use.

The icons in the displayed columns represent the following:

• role
• status, i.e. "activated", "deactivated" or "ready for invitation"
• license, i.e. Full License and Guest License
• memory volume consumed in own Privacy Boxes
• memory volume consumed in third-party Privacy Boxes
• name
• personnel data, e.g. company name or personnel number
• date and time of last login.

Here, you also find:

• how many guests a user with a Full License has created and invited, and
• how many Data Rooms authorized users have created.

One may also define whether a user with a Full License may:

• create or modify temporary Privacy Boxes,
• create or modify Privacy Boxes, or
• create or modify Data Rooms.

The Guest License icon applies to the column in which one may define whether or not a Full License user is entitled to invite guests.

Last but not least, e-mail notification columns define whether or not notification of new and unread entries is desired

• on the hour or
• once a day.

If you wish to modify access rights, simply click the respectively labeled button.

If you wish to disclose the details page to all users, click the Role icon. With Guest Licenses, the details view reveals who defined them.

To delete a license, simply click the waste bin in the right-hand column.

2.2 Settings

Under "Settings", a user can adjust all corporate-wide and/or account-wide settings.

The first setting allows you to insert your company logo, which reminds the user that, with iDGARD, your organisation or company controls all data and not the service provider of iDGARD. When you select and upload a logo with the "select file" button, it appears on the iDGARD bar at the top of every page.

Apart from this feature, all other settings concern security options and preferences.

To facilitate configuration, you are presented with typical setting models for Protection Class I, Protection Class II or Protection Class III security pursuant to the German Government's TCDP (Trusted Cloud Data Protection) profile. You may define and adjust security to the degree your individual business needs in order to store and share data with iDGARD. The Federal Ministry of Economics' pilot "Data Privacy Certification" has submitted a working paper, whose essence is illustrated in an online calculator (available at www.idgard.de/schutzklassen), with which you may assess the processing security that is best suited for your business.

Please note that the illustrated models merely represent typical case study settings. Necessary protection class settings may vary on an individual basis.

Selected setting options are shown when you access the red cloud icon.

One of the first options determines whether both the first and the last access of a member should be visible in Privacy Boxes created by account users, or whether only the first but not the last access should be displayed.

Note: This feature is often appreciated by works councils, since it ensures a high level of business data privacy. Needless to say, this applies only if said data is not subject to disclosure obligations.

A further set of options concerns password and codeword criteria. iDGARD has a mandatory password rule that demands a minimum of 8 characters. Within this options block, one can also define whether

• at least 1 lowercase and 1 capital letter,
• at least 1 digit,
• at least 1 special character or
• periodic password modifications should be mandatory or
• existing passwords rejected.

This feature allows rules to be defined up front, so that passwords are not easily guessed and, should a password be discovered, it remains effective only for a limited period of time.

A third block of options concerns whether or not WebDAV interface usage rights are to be granted. Using WebDAV customarily requires user names and passwords to be stored locally and is thus advisable only if the device in use is located in a trustworthy environment.

A fourth block concerns 2-factor authentication. 2-factor authentication, e.g. via SMS passcode, ensures confidentiality in the event of ID theft. The hazards posed by ID theft as a result of malware on your device or camera surveillance are not to be underestimated. User names and passwords are fairly easy to guess, as well. Hence, it is often advisable to enforce mandatory 2-factor authentication.

A fifth block pertains to monitoring of encrypted connections between end devices and iDGARD. Encrypted connections from and to devices can be jeopardized by so-called man-in-the-middle attacks if certificates are not checked explicitly. In order to increase data transfer security, it normally makes sense not to leave the device software's certificate checking up to the user.

A sixth block applies to regulations regarding session time-outs. In order to prevent unauthorized parties from taking over user sessions, we recommend session time-outs at short intervals upon inactivity. Long-interval time-outs are only recommendable for users working in trustworthy environments.

A seventh block defines the rights new users are granted regarding Privacy Box types they may create or modify.

In an eighth block, one can set the maximum lifespan of new temporary boxes.

2.3 Account Status

Here, the following can be checked for the purpose of service inquiries:

• the account number,
• the number of booked and used licenses,
• the booked and consumed memory volume,
• the number of booked and used Data Rooms, and
• the number of text messages used.

2.4 Orders

On the "Orders" page, you may add licenses to or delete licenses from your account. You may also switch from one standard package deal to another. For customized packages, please contact our iDGARD Business Support hotline: (+49-89) 4161598-7.

The rates mentioned herein are monthly usage rates. Rate changes can be seen here directly. If you modify your order, the adjustment will become effective only upon further confirmation. You will then be routed to the status page to confirm the new status.

2.5 Master Data

On the Master Data page, you can check and, if necessary, update your organization's master data and find out who your respective administration and accounting contact is.

3 Licenses, Roles, and Rights Overview

See User Manual, Book II, Chapter 2.

4 Account Settings Carried out by Uniscon

4.1 Orders

If you prefer for Uniscon to modify your order status, no problem. Simply send your request to [email protected] or Uniscon GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany.

4.2 Master Data

If you prefer for Uniscon to modify your master data, this is feasible, as well. Simply send your request to [email protected] or Uniscon GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany.

4.3 Data Backup (Sealed Backup)

Application

Geo-redundant*, automatic backup on the provider side safeguards against data loss in the following cases:

• accidental deletion by the user
• complete destruction of all redundant structures in one of the data centers.

Both the complete data set and single files can be restored. The type of backup described here is automatic and causes users no network traffic.

What is Sealed Backup?

Conventional backup systems have the drawback that the service provider has a reading key with which it can access and restore data, if necessary. In principle, this allows provider staff to access user data even if unauthorized.

In contrast, Sealed Backup creates backup copies, to which service provider staff have absolutely no access whatsoever, neither when backup copies are created nor, should the case arise, when data is restored.

How can I add Sealed Backup to my order?

iDGARD customers can add Sealed Backup to their account per flat (blanket) order. This covers the entire account and is provided by Uniscon within one workday.

How often are backup copies created?

The following backup copy scenarios are available in case of need:

- daily data status of the past 7 days (end of period: 2 AM CET),
- the data status of the past 7 weeks (Sundays) and
- the data status of the past 7 months (the first Sunday of each respective month).
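
The retention schedule above, worked through as an added example (not Uniscon's code): it lists which snapshot dates each tier holds at a given moment, so an administrator can check whether the date to be named in a reading session is still available. The function names are hypothetical, and it assumes that "past 7" means the seven most recent snapshots per tier, each identified by the calendar day of its 2 AM cut-off at a fixed UTC+1 offset.

```python
from __future__ import annotations

from datetime import date, datetime, time, timedelta, timezone

# Assumption: fixed UTC+1 offset, since the manual states the cut-off in CET.
CET = timezone(timedelta(hours=1), "CET")
CUTOFF = time(2, 0)   # "end of period: 2 AM CET"
KEEP = 7              # 7 days, 7 weeks, 7 months


def latest_snapshot_day(now: datetime) -> date:
    """Calendar day of the newest snapshot whose 2 AM CET cut-off has passed."""
    local = now.astimezone(CET)
    return local.date() if local.time() >= CUTOFF else local.date() - timedelta(days=1)


def first_sunday(year: int, month: int) -> date:
    first = date(year, month, 1)
    return first + timedelta(days=(6 - first.weekday()) % 7)  # Monday=0 ... Sunday=6


def restore_points(now: datetime) -> dict[str, list[date]]:
    """Snapshot dates retained in each tier, newest first."""
    last = latest_snapshot_day(now)
    daily = [last - timedelta(days=i) for i in range(KEEP)]

    sunday = last - timedelta(days=(last.weekday() + 1) % 7)  # Sunday on or before `last`
    weekly = [sunday - timedelta(weeks=i) for i in range(KEEP)]

    monthly, year, month = [], last.year, last.month
    while len(monthly) < KEEP:
        candidate = first_sunday(year, month)
        if candidate <= last:          # this month's first Sunday may still lie ahead
            monthly.append(candidate)
        year, month = (year, month - 1) if month > 1 else (year - 1, 12)
    return {"daily": daily, "weekly": weekly, "monthly": monthly}


def tiers_covering(requested: date, now: datetime) -> list[str]:
    """Tiers that still hold a copy for `requested`; an empty list means none does."""
    return [tier for tier, days in restore_points(now).items() if requested in days]


def nearest_restorable(requested: date, now: datetime) -> date | None:
    """Newest retained snapshot taken on or before `requested`, if any."""
    candidates = {d for days in restore_points(now).values() for d in days if d <= requested}
    return max(candidates, default=None)


if __name__ == "__main__":
    now = datetime(2018, 11, 23, 1, 30, tzinfo=CET)   # constructed sample time
    for tier, days in restore_points(now).items():
        print(f"{tier:8}", ", ".join(d.isoformat() for d in days))
    wanted = date(2018, 11, 15)                        # constructed request date
    print(tiers_covering(wanted, now), nearest_restorable(wanted, now))
```

Under these assumptions, a file deleted eight days ago can only be recovered from the state of the preceding Sunday, which is the gap to keep in mind when deciding how quickly an accidental deletion has to be reported.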

How is backup data read?

If applicable, the iDGARD customer contacts Uniscon for a reading session, mentioning his/her customer ID and the date of the desired backup copy.

On the agreed date, all data or only single files are accessed, buffered locally, and fed back into iDGARD with the account administrator's access data (as of the respective backup date and under a separate iDGARD infrastructure URL).

How can iDGARD guarantee deletion with Sealed Backup?

Since a deletion guarantee is normally incompatible with backup, one can explicitly exclude backup of individual Privacy Boxes and/or Data Rooms. The box administrators can control this setting themselves. Of course, the statutory right to deletion upon request of the user remains unaffected.

5 Integration of LDAP / Active Directory

Integrating iDGARD into your Intranet domain's identity management carries the following benefits:

• The initial obstacle of having to enter a further user name and password is eliminated. Experience shows that, when confronted with such hurdles, users tend to sidestep security and give way to less reliable systems. Eliminating such obstacles in secure systems therefore actually benefits security and data privacy. If you have integrated iDGARD into your system with single sign-on, then your staff merely has to click a button in your Intranet or a bookmark in the respective browser and is then already logged in to iDGARD. The security data of your domain automatically applies to iDGARD login, as well.

• What's more, with this type of integration, you no longer have to create single users individually in iDGARD. The system creates them automatically for you with your domain controller's parameters upon first use.

The aforementioned requires an Enterprise Management System (EMS), which is operated within your domain.

5.1 Installation of EMS

System requirements for EMS operation are:

• Linux or Microsoft server (dedicated or virtual, preferably the former)
• 8GB RAM minimum
• network configuration that ensures said server is available to your organization's iDGARD users

Installation is carried out with the aid of a convenient installer program that our Service team provides once EMS installation is ordered.

5.2 Configuration of EMS

The next step consists of configuring the EMS. To this end, the query format for the domain controller is entered according to your environment. An online demo of EMS configuration is available at https://www.idgard.de/demo-ems/.

5.3 Creation of „Enterprise Secrets“

The core requirement, to be able to authenticate data in iDGARD without being able to access client user names and passwords, is achieved via the Enterprise Secret.

An Enterprise Secret can be created by the Registration Administrator only. When he/she clicks the "Create Enterprise Secret" button and reconfirms this with his/her password, iDGARD automatically creates a Privacy Box with a time stamp in its name, which contains the 256-byte-long Enterprise Secret (within a likewise automatically created message). From there, the Registration Administrator can copy it to the respective area in the EMS. This ensures that, even with this application, service provider staff can never access any data that is necessary for authentication at any time whatsoever.

5.4 Classification of iDGARD Users in LDAP Groups

Different user groups can be divided into differing LDAP groups,

• on the one hand, so user fees may be classified according to groups, and
• on the other hand, so varying user groups can be granted varying rights.

For example, it might be wise to grant a user group heading a project the right to invite guests to a Privacy Box and create Privacy Boxes and Data Rooms yet not grant these rights to regular employees. This is conveniently configurable via EMS.

5.5 Cost Minimization with Floating Licenses

Not all employees of all organizations necessarily need iDGARD access at all times. It might be advisable to hold iDGARD licenses available for all employees but grant the rights to use them as and when required only.

EMS enables pay-per-use settlement and floating licenses. Feel free to contact us for more.

Guidance for Enterprises

Please don't hesitate to contact us for a tailor-made solution adjusted to your needs. We can integrate iDGARD into your system to optimize your business processes. Simply call our iDGARD Business Support hotline (+49-89) 4161598-7 or e-mail us at [email protected].

